package JDBC;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class JDBCDemo7 {
    public static void main(String[] args) {
        String username = "ll";
        String password = "a' OR '1'='1";


        try (
                Connection connection = DBUtil.getConnection();
        ) {
            String sql = "SELECT id,username,password,nickname,age " +
                    "FROM userinfo " +
                    "WHERE username=? AND password=?";

            PreparedStatement ps = connection.prepareStatement(sql);
            ps.setString(1, username);
            ps.setString(2, password);

            ResultSet rs = ps.executeQuery();
            if (rs.next()) {
                System.out.println("登入成功");
            } else {
                System.out.println("登入失败");
            }


        } catch (SQLException e) {
            e.printStackTrace();
        }
    }
    public void test(int a ,int b){
        int sum =a+b;
    }




}
